Integrating security policy and event management
Abstract
A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security policies to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.
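The grouping and drill-down the abstract describes can be sketched as follows. This is an added example, not code from the patent; the event field names, policy identifiers and the square-root size scaling are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample events; field names and policy ids are hypothetical.
EVENTS = [
    {"id": 1, "src_country": "US", "category": "malware", "policy": "P-AV-01"},
    {"id": 2, "src_country": "US", "category": "malware", "policy": "P-AV-01"},
    {"id": 3, "src_country": "US", "category": "malware", "policy": "P-WEB-07"},
    {"id": 4, "src_country": "DE", "category": "data-loss", "policy": "P-DLP-03"},
    {"id": 5, "src_country": "DE", "category": "malware", "policy": "P-AV-01"},
    {"id": 6, "src_country": "US", "category": "data-loss", "policy": "P-DLP-03"},
]

def build_elements(events, attr_a, attr_b, max_radius=40.0):
    """Group events by the intersection of two attributes; one element per cell."""
    cells = defaultdict(list)
    for ev in events:
        cells[(ev[attr_a], ev[attr_b])].append(ev)
    if not cells:
        return {}  # nothing to render
    largest = max(len(members) for members in cells.values())
    elements = {}
    for key, members in cells.items():
        # Assumed scaling: radius grows with sqrt(count) so area tracks count.
        radius = max_radius * math.sqrt(len(members) / largest)
        elements[key] = {"events": members, "count": len(members), "radius": radius}
    return elements

def policies_for_element(elements, key):
    """Selecting an event element: the policies its events are based on, with counts."""
    return Counter(ev["policy"] for ev in elements[key]["events"])

def events_for_policy(events, policy_id):
    """Selecting a policy element: ids of the events based on that policy."""
    return [ev["id"] for ev in events if ev["policy"] == policy_id]

if __name__ == "__main__":
    elems = build_elements(EVENTS, "src_country", "category")
    for key, el in sorted(elems.items()):
        print(key, el["count"], round(el["radius"], 1), dict(policies_for_element(elems, key)))
    print("P-DLP-03 events:", events_for_policy(EVENTS, "P-DLP-03"))
```
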
17 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- access security data identifying a plurality of security events detected in a computing system, wherein each of the plurality of security events is based on a respective one of a plurality of security policies;
- determine, for each of the plurality of security events, attributes of the event from the security data;
- present a representation of the plurality of security events in an interactive graphical user interface, wherein the representation comprises a plurality of graphical elements, each graphical element represents a respective subset of the plurality of security events corresponding to an intersection of at least two respective event attributes, size of each graphical element is rendered to indicate an amount of the plurality of security events included in the corresponding subset; and
- detect a user interaction with a particular one of the plurality of graphical elements through the graphical user interface, wherein the particular graphical element corresponds to a particular subset of the plurality of security events, and the user interaction causes a presentation of a view, within the graphical user interface, identifying a respective subset of the plurality of security policies corresponding to detection of the particular subset of security events.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)

15. A method comprising:
- accessing security data identifying a plurality of security events detected in a computing system, wherein each security event in the plurality of security events is based on at least one policy in a plurality of security policies defined for the computing system;
- determining, for each of the plurality of security events, attributes of the event from the security data;
- presenting a representation of the plurality of security events in an interactive graphical user interface, wherein the representation comprises a plurality of graphical elements, each graphical element represents a respective subset of the plurality of security events corresponding to an intersection of at least two respective event attributes, size of each graphical element is rendered to indicate an amount of the plurality of security events included in the corresponding subset; and
- detecting a user interaction with a particular one of the plurality of graphical elements through the graphical user interface, wherein the particular graphical element corresponds to a particular subset of the plurality of security events, and the user interaction causes a presentation of a view, within the graphical user interface, identifying a respective subset of the plurality of security policies corresponding to detection of the particular subset of security events.

16. A system comprising:
- at least one processor device;
- at least one memory element;
- an event manager, comprising logic when executed by the at least one processor device to:
  - access security data identifying a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system; and
  - determine, for each of the plurality of security events, attributes of the event from the security data; and
- a security event user interface engine, comprising logic when executed by the at least one processor device to:
  - present a representation of the plurality of security events in an interactive graphical user interface, wherein the representation comprises a plurality of graphical elements, each graphical element represents a respective subset of the plurality of security events corresponding to an intersection of at least two respective event attributes, size of each graphical element is rendered to indicate an amount of the plurality of security events included in the corresponding subset; and
  - detect a user interaction with a particular one of the plurality of graphical elements through the graphical user interface, wherein the particular graphical element corresponds to a particular subset of the plurality of security events, and the user interaction causes a presentation of a view, within the graphical user interface, identifying a respective subset of the plurality of security policies corresponding to detection of the particular subset of security events.

(Dependent claims: 17)

Specification